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The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 



- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 



3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 21 3. 

Disposition of Claims 

4) [3 Claim(s) 1-10 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [3 Claim(s) 1-10 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10)Q The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

1 2)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (0. 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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Response to Amendment 

This Office Action is in response to a communication made on May 1, 2007. 
The Information Disclosure Statement received April 17, 2007 has been 
considered. 

Claims 1-6, 8, and 10 have been amended. 

Claims 1-10 are pending in this application. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-10 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Reiche (6092196) in view of Rode (6970904). 

Regarding claims 1, 3, and 5, Reiche teaches a method for controlling user 
access to distributed resources on a data communications network (Column 8, lines 9 - 
1 3), the method comprising: 

Receiving, by a resource server peer group, a resource request for a resource 
stored on said resource server peer group , said resource request including, at time of 
receipt of said resource request itself, a request for said resource and a rights key 
credential (Column 9, lines 38 - 42), said rights key credential comprising: 
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at least one key to provide access to a resource on said data communications 
network (Column 9, lines 3-5) so that said at least one key is included in said resource 
request : and 

a resource identifier (Column 9, lines 45 - 46) included in said resource request 
said resource identifier comprising a resource server peer group ID and a user ID 
(Column 8, lines 65 - 66), said resource server peer group ID identifying said resource 
server peer group (Column 10, lines 50-63), said resource server peer group 
comprising at least one server that maintains a mapping between a user ID and said at 
least one key (Column 8, line 64 - Column 9, line 6; Column 1 0, lines 39 - 49); and 

providing said resource by said resource server peer group when said resource 
server peer group matches said at least one key (Column 9, lines 63 - 66) with an 
identifier in a set of identifiers associated with said resource (Column 10., lines 50 - 63). 

Reiche does not explicitly indicate that the user ID is a randomized user ID. 

Rode teaches a system for controlling access to system resources (Abstract) that 
includes a unique identifier for the user as taught in Reiche, but further teaches that the 
identifier can be a uniformly chosen random number (Column 2, lines 45 - 54). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Rode's teaching of choosing a random number for the 
unique identifier in order to allow an identifier be chosen without contain any personal 
information about the user, allowing the system to keep the user anonymous. 
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Regarding claims 2, 4, and 6, Reiche teaches a method for controlling user 
access to distributed resources on a data communications network (Column 8, lines 9 - 
13), the method comprising: 

receiving, by a resource server peer group, a resource request for a resource 
stored on said resource server peer group , said resource request including at time of 
receipt of said resource reguest itself, a reguest for said resource and a rights key 
credential (Column 9, lines 38 - 42), said rights key credential comprising: 

at least one key to provide access to a resource on said data communications 
network (Column 9, lines 3-5) so that said at least one key is included in said resource 
reguest each of said at least one resource stored on a separate secure device (Figure 
1, elements 120 and 150); and 

a resource identifier included in said resource reguest (Column 9, lines 45 - 46), 
said resource identifier comprising a resource server peer group ID and a user ID 
(Column 8, lines 65 - 66), said resource server peer group ID identifying a resource 
server peer group (Column 10, lines 50-63), said resource server peer group 
comprising at least one server that maintains a mapping between a user ID and said at 
least one key (Column 10, lines 39 - 49); and 

providing said resource by said resource server peer group when said resource 
server peer group matches said at least one key (Column 9, lines 63 - 66) an identifier 
in a set of identifiers associated with said resource (Column 10, lines 50 -63) so that 
receiving, said providing and said matching are performed on said resource server peer 
group without accessing another server outside said resource server peer group . 
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Reiche does not explicitly indicate that the user ID is a randomized user ID . 

Rode teaches a system for controlling access to system resources (Abstract) that 
includes a unique identifier for the user as taught in Reiche, but further teaches that the 
identifier can be a uniformly chosen random number (Column 2, lines 45 - 54). 
It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to use Rode's teaching of choosing a random number for the unique 
identifier in order to allow an identifier be chosen without contain any personal 
information about the user, allowing the system to keep the user anonymous. 

Regarding claims 7 and 9, Reiche teaches the method of claims 1 and 2, 
wherein said rights key credential further comprises a nested credential referring to at 
least one credential relating to a resource delivery mechanism (Column 10, lines 50 - 
67). 

Regarding claims 8 and 10, Reiche teaches the method of claims 7 and 9, 
wherein said providing said reisource further comprises using said resource delivery 
mechanism. 

Response to Arguments 

Applicant's arguments filed May 1 , 2007 have been fully considered but they are 
not persuasive. 

The applicant argues that the reference, Reiche, does not teach that the request 
is handled by part of the. server resource peer group, but by the authentication server. 
The examiner agrees that the request is handled by the authentication server before 
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giving transferring any resource to the client, but seen in Column 8, lines 8-32 and 
Figure 1 , elements 110, 120, and 150; it shows that the authentication server is part of 
the server group of Customer servers 120 and 150, where the authentication server is 
not a trusted third party server, but part of the server group for handling the requests 
from the client and ensuring that proper users get access to the customer servers. In 
fact the authentication server acts as the common gateway interface for the resources 
contained on those servers (Column 8, lines 8-15; Column 2, lines 37 - 49). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kevin Bates whose telephone number is (571 ) 272- 
3980. The examiner can normally be reached on 9 am - 5 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Saleh Najjar can be reached on (571 ) 272-4006. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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May 17, 2007 
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